Package: passenger
Version: 6.0.13+ds-1+b2
Severity: normal
Tags: upstream
Dear Maintainer,
When starting, the Apache logs show an available update with two security
issues fixed:
[ E 2023-01-26 16:19:00.9642 2682647/T6 age/Cor/SecurityUpdateChecker.h:521
]: A security update is available for your version (6.0.13) of Phusion
Passenger(R). We strongly recommend upgrading to version 6.0.17.
[ E 2023-01-26 16:19:00.9644 2682647/T6 age/Cor/SecurityUpdateChecker.h:526
]: Additional security update check information:
- [Fixed in 6.0.14] [CVE-2018-25032] zlib before 1.2.12 allows memory
corruption when deflating (i.e., when compressing) if the input has many
distant matches.
- [Fixed in 6.0.14] A use after free memory safety issue was introduced in
6.0.12, and fixed in 6.0.14.
It would be nice if it was still possible to update the version of Passenger to
at least 6.0.14
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (500, 'testing')
merged-usr: no
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-22-amd64 (SMP w/2 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages passenger depends on:
ii libc6 2.36-8
ii libcurl4 7.87.0-2
ii libev4 1:4.33-1
ii libgcc-s1 12.2.0-14
ii libruby 1:3.1
ii libruby3.1 3.1.2-4
ii libssl3 3.0.7-2
ii libstdc++6 12.2.0-14
ii libuv1 1.44.2-1
ii ruby 1:3.1
ii ruby-rack 2.2.4-2
passenger recommends no packages.
Versions of packages passenger suggests:
ii nodejs 18.13.0+dfsg1-1
ii python3 3.10.6-3+b1
pn rails <none>
-- no debconf information
